The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 7.0 |
||
google android 6.0 |